oGGy990 / certbot-dns-inwx

INWX DNS authenticator plugin for certbot
Apache License 2.0

using of IDN (punycode) Domains #37

Open aschulz01 opened 3 days ago

aschulz01 commented 3 days ago

Hello, I am currently trying to create a certificate for multiple domains. Sample:

    certbot certonly -v -a dns-inwx -d ".xn--bung-zra.de" -d "xn--bung-zra.de" -d ".uebung.de" -d "uebung.de" --agree-tos

(to cover the German umlaut domains .übung.de, übung.de, .uebung.de, uebung.de). The domain name in this issue has been changed; the real domain name exists at inwx.de, and the IDN notation matches the field "Domain ACE" inside the content of https://www.inwx.de/de/domain/info/"übung.de"

Unfortunately, this error occurred:

    Starting new HTTPS connection (1): api.domrobot.com:443
    https://api.domrobot.com:443 "POST /xmlrpc/ HTTP/1.1" 200 None
    Testing xn--bung-zra.de for domain _acme-challenge.xn--bung-zra.de...
    Resetting dropped connection: api.domrobot.com
    https://api.domrobot.com:443 "POST /xmlrpc/ HTTP/1.1" 200 None
    Testing _acme-challenge.xn--bung-zra.de for domain _acme-challenge.xn--bung-zra.de...
    Resetting dropped connection: api.domrobot.com
    https://api.domrobot.com:443 "POST /xmlrpc/ HTTP/1.1" 200 None
    Encountered exception:

    Traceback (most recent call last):
      File "/snap/certbot-dns-inwx/current/lib/python3.12/site-packages/certbot_dns_inwx/_internal/dns_inwx.py", line 157, in add_txt_record
        domain = self._find_domain(record_name)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/snap/certbot-dns-inwx/current/lib/python3.12/site-packages/certbot_dns_inwx/_internal/dns_inwx.py", line 234, in _find_domain
        raise errors.PluginError(
    certbot.errors.PluginError: Unable to determine base domain for _acme-challenge.xn--bung-zra.de using names: ['_acme-challenge.xn--bung-zra.de', 'xn--bung-zra.de']

If I try to call certbot with the Unicode domain names (übung.de, ...), then certbot advises me to use the ACE domain format (IDN/punycode).

aschulz01 commented 3 days ago

I found that the DomRobot API "nameserver.list" should allow punycode input. "nameserver.createRecord" and "nameserver.info" already allow this. The result from nameserver.list must also be punycode if the input was punycode. Then the authentication against certbot should work and the DomRobot API should remain stable.
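
One way a client could tolerate the mismatch described in the comment above is to compare names in ACE form on both sides. This is an added example, not part of the original thread and not the plugin's or the API's code. It assumes the zone listing returns Unicode names (the page does not show the API response); `to_ace`, `candidate_zones`, `find_base_domain` and `LISTED` are hypothetical names.

```python
from typing import Iterable, List, Optional, Tuple


def to_ace(name: str) -> str:
    """Lower-case a DNS name and convert each label to ACE ("xn--") form.

    Uses Python's built-in "idna" codec, which implements IDNA 2003;
    ASCII labels such as "_acme-challenge" pass through unchanged.
    """
    return name.rstrip(".").lower().encode("idna").decode("ascii")


def candidate_zones(record_name: str) -> List[str]:
    """Suffixes of record_name in ACE form, longest first, down to two labels."""
    labels = to_ace(record_name).split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def find_base_domain(
    record_name: str, listed_zones: Iterable[str]
) -> Optional[Tuple[str, str]]:
    """Return (ace_zone, zone_as_listed) for the longest matching zone, else None."""
    by_ace = {}
    for zone in listed_zones:
        try:
            by_ace[to_ace(zone)] = zone
        except UnicodeError:
            continue  # skip names the codec rejects (empty or over-long labels)
    for candidate in candidate_zones(record_name):
        if candidate in by_ace:
            return candidate, by_ace[candidate]
    return None


# Constructed sample: a zone listing that returns the Unicode form, which is
# the mismatch assumed here (not taken from a real API response).
LISTED = ["uebung.de", "übung.de"]

if __name__ == "__main__":
    # A plain string comparison finds nothing for the ACE name ...
    print("xn--bung-zra.de" in LISTED)
    # ... while comparing in ACE form resolves the zone.
    print(find_base_domain("_acme-challenge.xn--bung-zra.de", LISTED))
```
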

aschulz01 commented 3 days ago

I asked the inwx support to fix the domrobot API function "nameserver.list".